Hacker network members charged in 2018 cyber attacks, threats in Southern California

LOS ANGELES — Federal authorities Monday arrested one of two young men charged with making false threats of violent attacks at Los Angeles International Airport and numerous Southern California school districts, and staging attacks on computer systems belonging to a Long Beach company and others.

The two defendants allegedly are members of the Apophis Squad, a worldwide collective of computer hackers and swatters intent on using the internet to cause chaos. The collective caused disruptions by making threatening phone calls, sending bogus reports of violent school attacks via email, and launching distributed denial-of-service — DDoS — attacks on websites, according to the U.S. Attorney’s Office.

Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina — who allegedly used online handles that include “WantedbyFeds” and “HackerRUS” — was arrested by special agents with the FBI, according to federal prosecutors.

The second defendant named in the indictment — George Duke-Cohan, 19, of Hertfordshire, United Kingdom, who used online handles that included “DigitalCrimes” and “7R1D3N7” — is currently serving a prison sentence in Britain for making a hoax threat targeting an airliner, according to the document filed in federal court in Los Angeles.

The indictment alleges that Apophis Squad conducted cyber and swatting attacks against individuals, businesses and institutions in the United States and the U.K. Members made threats of bombs and school shootings that were “designed to cause fear of imminent danger and did cause the closure of hundreds of schools on two continents on multiple occasions,” according to the document.

Prosecutors allege the conspiracy spanned the first eight months of 2018, during which members of Apophis Squad communicated various threats — sometimes using “spoofed” email addresses to make it appear the threats had been sent by innocent parties, including the mayor of London.

They also defaced websites and launched DDoS attacks. In addition, Vaughn allegedly conducted a DDoS attack that took down hoonigan.com, the website of a Long Beach motorsport company, for three days, and sent extortionate emails to the company demanding a Bitcoin payment to cease the attack.

The indictment also alleges that Duke-Cohan called the FBI field office in Omaha, Nebraska, on multiple occasions, discussed the deployment of deadly pathogens in the office, and threatened to rape and kill the wife of the FBI employee who answered the phone.

Vaughn allegedly bragged in an online forum that Apophis Squad had targeted more than 2,000 schools in the U.S. and more than 400 in the United Kingdom, according to the indictment, which details threats about imminent shootings and bombs being sent to school districts across Southern and Central California.

The U.S. Attorney’s Office alleges Duke-Cohan posted a message on Twitter taking credit for the hoax emails on behalf of Apophis Squad in which he wrote, “We are OPEN for request for school lockdowns / evacs.”

The Apophis Squad also took credit for hacking and defacing the website of a university in Colombia, resulting in visitors to the site seeing a picture of Adolf Hitler holding a sign saying “YOU ARE HACKED” alongside the message “Hacked by APOPHIS SQUAD.”

The 11-count indictment, which was returned by a Los Angeles federal grand jury on Friday and unsealed Tuesday, charges Vaughn and Duke-Cohan with conspiracy and eight additional felony offenses, including making threats to injure in interstate commerce and making interstate threats involving explosives. Vaughn is additionally charged with intentionally damaging a computer and interstate threat to damage a protected computer with intent to extort.

If convicted of all 11 charges in the indictment, Vaughn would face up to 80 years in federal prison. If he is convicted of the nine charges in the indictment in which he is named, Duke-Cohan would face up to 65 years behind bars.